I have concerns about apps written with node.js in that respect.
How can the app builder trust node.js? When I gave a try at compiling using npm, I was surprised by the fact that “npm install” downloads a whole bunch of pieces of code from unknown (well, unknown to me) servers, without a single integrity check. How do you know that 1) you download it from the correct server, 2) the code you download was not modified, 3) the original code doesn’t phone home? (node.js is based on the Chrome V8 engine, and I think everyone agrees on the fact that Google is not especially trying to protect the privacy of its users, would they be coders.)
How do you know that there is not a funny piece of script that sends information that you don’t want to be sent, at some point of that huge chain of scripting?
The fact that the code is open doesn’t remove the problem that it is so huge that it would take ages to review it. I couldn’t find any serious article about this so far.
I am not familiar at all with this developing method, so I hope I can find information that can show node.js is trustable, especially with privacy protection in mind. I’d be very happy if some of you can give some insight about this.